Tips to Prevent "Scam Yourself" or "Deep Fake" Social Engineering Crimes and Loss
According to recent publications, social engineering attacks have skyrocketed 614% in recent months.
What are Social Engineering, Deep Fake and Scam-Yourself attacks, and how do I recognize one?
Social Engineering: A technique used by attackers to manipulate people into giving up confidential information or performing actions that compromise security. Instead of hacking into systems directly, social engineers exploit human psychology to trick individuals into revealing passwords, financial information, or other sensitive data.
- Actual scam: In 2020, a cybercriminal impersonated Shark Tank judge Barbara Corcoran's assistant and sent an email to her bookkeeper requesting a payment related to real estate investments. The email address used was very similar to the legitimate one, making the fraud hard to detect. The bookkeeper transferred nearly $400,000 before realizing it was a scam when she contacted the real assistant.
Deep fake: Synthetic media, such as images, video or audio, generated with artificial intelligence (AI) to produce highly realistic but fake content.
- Actual scam: In a 2024 case, scammers used AI-powered voice cloning technology to impersonate the CEO of a UK energy firm. The scammers called a senior executive, mimicking the CEO's voice perfectly, and instructed the executive to transfer $290,000 to a supplier. Believing the request was legitimate, the executive completed the transfer. The scam was only discovered later, when the real CEO denied making the call.
Tips from the Experts: How to Prevent Deep Fake Social Engineering
- Verify the Source: Before trusting any information received through an online communication channel, verify the source. Confirm that it is authentic, reputable and trustworthy.
- Implement Multi-Factor Authentication ("MFA"): This provides stronger security and helps prevent unauthorized access to accounts, reducing the risk of a criminal gaining access to sensitive personal and contact information.
- Establish Communication Protocols & Training: Develop procedures to verify and check information, and train staff on best practices for avoiding and reporting suspicious requests.
- Email Filtering and Anti-Phishing Tools: Use advanced email filtering and anti-phishing tools to detect and block malicious emails before they reach employees.
- Regular Security Audits: Conduct regular security audits to identify vulnerabilities and ensure that security measures are both current and progressive.
- Incident Response Plan: Develop and maintain an incident response plan to quickly address and mitigate the impact of social engineering attacks.
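The Barbara Corcoran case above turned on a sender address that was "very similar to the legitimate one", which is exactly what the email-filtering tip is meant to catch. The following is an added illustration, not code from the original article or from any product it mentions: it flags sender domains that are homoglyph variants of, within a small edit distance of, or that merely contain a trusted domain as a subdomain. The trusted-domain list and the sample sender addresses are constructed for the example.

```python
"""Lookalike-sender detector (added illustration, not part of the original article).

Flags sender addresses whose domain is a near-match of a domain the organisation
actually uses. Trusted domains and sample addresses below are constructed.
"""
from dataclasses import dataclass
from typing import List, Set

# Constructed: the domains this hypothetical organisation really uses.
TRUSTED_DOMAINS: Set[str] = {"example-corp.com", "examplecorp-legal.com"}

# Visually confusable substitutions commonly seen in lookalike domains.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"}
MULTI_CHAR = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def normalize(domain: str) -> str:
    """Fold confusable characters so 'examp1e-corp.com' compares as 'example-corp.com'."""
    d = domain.lower().strip()
    for src, dst in MULTI_CHAR:
        d = d.replace(src, dst)
    return "".join(HOMOGLYPHS.get(c, c) for c in d)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    address: str
    risk: str      # "trusted", "lookalike" or "external"
    reason: str


def classify_sender(address: str, trusted: Set[str] = TRUSTED_DOMAINS,
                    max_distance: int = 2) -> Verdict:
    """Decide whether a From: address is trusted, a lookalike, or simply external."""
    _, sep, domain = address.rpartition("@")
    if not sep or not domain:
        return Verdict(address, "external", "no domain part")
    domain = domain.lower()
    if domain in trusted:
        return Verdict(address, "trusted", "exact match of trusted domain")
    norm = normalize(domain)
    for t in trusted:
        tn = normalize(t)
        if norm == tn:
            return Verdict(address, "lookalike", f"homoglyph variant of {t}")
        if norm.startswith(tn + "."):
            return Verdict(address, "lookalike", f"{t} used as a subdomain of another domain")
        dist = edit_distance(norm, tn)
        if dist <= max_distance:
            return Verdict(address, "lookalike", f"edit distance {dist} from {t}")
    return Verdict(address, "external", "unrelated domain")


def flag_for_verification(addresses: List[str]) -> List[Verdict]:
    """Return only the senders that should be verified out of band before acting."""
    return [v for v in (classify_sender(a) for a in addresses) if v.risk == "lookalike"]


if __name__ == "__main__":
    # Constructed sample From: addresses, one legitimate and several impersonation patterns.
    sample = [
        "assistant@example-corp.com",
        "assistant@examp1e-corp.com",
        "assistant@example-corp.co",
        "billing@example-corp.com.invoice-portal.net",
        "someone@gmail.com",
    ]
    for v in flag_for_verification(sample):
        print(f"HOLD {v.address}: {v.reason}")
```

The filter is deliberately conservative: a "lookalike" verdict is a reason to verify the request through a known-good channel, not proof of fraud, and a legitimate partner that changes domains will trip it until the trusted list is updated.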
Scam-yourself attack: A type of cyber scam used to trick individuals into compromising the security of their own technology devices and data by unknowingly installing malware or taking actions that benefit cybercriminals.
- Actual scams: Employee email accounts were compromised through phishing attacks in which hackers sent emails pretending to be actual vendors, with links to pay invoices. The hackers then gained access to multiple accounts, obtained sensitive data and installed malware. Nearly $1M was stolen over 3 months before anyone caught on to the scam.
- In November 2024, the Cactus ransomware gang executed a cyberattack that compromised nearly 900GB of sensitive data at the Housing Authority of the City of Los Angeles (HACLA), including personal identification information, financial documents, and internal communications. The attackers used sophisticated social engineering techniques to gain access to HACLA's network and used that access to extort money.
Red Flag Warnings:
- WhatsApp & Personal Email: Ensure senior executives never conduct company business over personal social media, messaging or email; use only company-provided applications.
- Third Party Attorney/Outside Counsel: Ensure that the Finance Department has a process to verify a new payment or changes to payments before wiring funds.
- Offshore Bank Accounts: Be wary of wire transfers offshore. They are nearly impossible to recover once sent.
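The three red flags above describe one control: a new payee or a change to payment details is held until a callback confirms it with the contact already on the vendor record (never a number supplied in the request itself), and offshore destinations get a second approver. The code below is an added example encoding that control as a pre-release gate; it is not from the original article. The vendor master record, thresholds and change requests are constructed for illustration.

```python
"""Payment-change verification gate (added example, not from the original article).

Holds a wire until the red-flag checks pass: bank-detail changes must be
verified by a callback to the phone number of record, a request that supplies
its own contact number is suspicious, and offshore or large payments need two
distinct approvers. Vendor data and requests below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed vendor master: bank details and phone number of record.
VENDOR_MASTER: Dict[str, Dict[str, str]] = {
    "ACME-LEGAL": {
        "iban": "GB00EXAMPLE0000000000001",   # placeholder, not a real account
        "country": "GB",
        "phone": "+44 20 0000 0001",          # placeholder number of record
    },
}
HOME_COUNTRY = "GB"
DUAL_CONTROL_OVER = 10_000.0   # constructed threshold for two-person approval


@dataclass
class ChangeRequest:
    vendor_id: str
    new_iban: str
    new_country: str
    amount: float
    callback_phone_in_request: Optional[str] = None  # number the message asks us to call
    verified_via_phone: Optional[str] = None         # number the clerk actually called
    approvers: List[str] = field(default_factory=list)


def evaluate(req: ChangeRequest, master=VENDOR_MASTER, home=HOME_COUNTRY,
             dual_control_over=DUAL_CONTROL_OVER) -> Tuple[bool, List[str]]:
    """Return (release, reasons). Any reason keeps the funds on hold."""
    reasons: List[str] = []
    record = master.get(req.vendor_id)
    if record is None:
        return False, ["unknown vendor: onboard through vendor management first"]

    details_changed = (req.new_iban != record["iban"]
                       or req.new_country != record["country"])
    if details_changed:
        # The callback must go to the number already on file, not one in the request.
        if req.verified_via_phone is None:
            reasons.append("bank-detail change not verified by callback")
        elif req.verified_via_phone != record["phone"]:
            reasons.append("callback used a number that is not on the vendor record")
        if (req.callback_phone_in_request
                and req.callback_phone_in_request != record["phone"]):
            reasons.append("request supplies its own contact number; verify via the record instead")

    distinct_approvers = len(set(req.approvers))
    if req.new_country != home and distinct_approvers < 2:
        reasons.append("offshore destination requires two distinct approvers")
    if req.amount > dual_control_over and distinct_approvers < 2:
        reasons.append(f"amount above {dual_control_over:.0f} requires two distinct approvers")
    return not reasons, reasons


def legitimate_change() -> ChangeRequest:
    """Constructed: clerk confirmed the new account by calling the number of record."""
    return ChangeRequest("ACME-LEGAL", "GB00EXAMPLE0000000000002", "GB", 5_000.0,
                         verified_via_phone="+44 20 0000 0001", approvers=["clerk"])


def redirection_attempt() -> ChangeRequest:
    """Constructed: offshore account, and the request carries its own 'helpful' number."""
    return ChangeRequest("ACME-LEGAL", "XX00EXAMPLE0000000000009", "XX", 250_000.0,
                         callback_phone_in_request="+1 555 0100",
                         verified_via_phone="+1 555 0100", approvers=["clerk"])


if __name__ == "__main__":
    for req in (legitimate_change(), redirection_attempt()):
        release, reasons = evaluate(req)
        print("RELEASE" if release else "HOLD", req.vendor_id, reasons)
```

Note that the second request fails even though a callback was made: the clerk dialled the number the message provided, so the "verification" only confirmed the request with its author. Recording which number was called, rather than a yes/no "verified" flag, is what lets the gate catch that.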
More Tips from the Experts: How to Prevent Deep Fake Social Engineering
- Secure Communication Channels: Encourage the use of secure communication channels for sharing sensitive information. Avoid using email for transmitting confidential data.
- Software Updates and Patch Management: Keep all software and systems updated with the latest security patches to prevent exploitation of known vulnerabilities.
- Access Controls: Implement strict access controls to limit the number of employees who have access to sensitive information. Use the principle of least privilege (PoLP).
- Monitoring and Logging: Monitor network activity and maintain logs to detect unusual behavior that may indicate a social engineering attack.
- Physical Security Measures: Ensure physical security measures are in place to prevent unauthorized access to facilities and sensitive information.